paubox.com gets an A+ SSL Security rating.
A county hospital in Illinois asked us today about our use of SSL certificates and how secure our setup is. After successfully answering their question, it occurred to me others might want to learn more abut proper configuration and use of SSL certificates.
An SSL Certificate provides secure, encrypted communication between a website and a user's internet browser. SSL certificates can also be used for secure email transmission. SSL Certificates are usually installed on websites that require users to submit sensitive information over the internet like credit card details, protected health information, or passwords.
SSL stands for Secure Sockets Layer and is the protocol which provides the encryption. It was originally developed by Netscape and released as SSL 2.0 (SSLv2) in 1995. An improved SSL 3.0 (SSLv3) was later released in 1996. It should be noted however, both SSLv2 and SSLv3 are no longer considered secure protocols. Paubox therefore does not support SSLv2 and SSLv3. Later this week, we will also be ending support for TLS 1.0. An SSL Certificate is not the same as the SSL protocol. In fact, an SSL certificate is not dependent on protocols and is rather an industry term more people are familiar with.
A free SSL Security Test that we like and use often is provided by Qualys, Inc. The Qualsys SSL Server Test is an effective way to test your website's SSL certificate, as well as a variety of other useful security checks. The test takes a couple minutes to run and is well worth it if you haven't done it before. With careful configuration and attention, it's possible to get an A+ SSL Security rating from the Qualys SSL Server Test. When it comes to U.S. Healthcare and HIPAA compliance, we recommend doing business with vendors that get an A grade or higher.